CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/27 5:31 a.m.•9 views

CVE-2026-7614 Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00014EPSS

Exploits0References5

EUVD-2026-32073

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.7AI score0.00023EPSS

Exploits0References4

EUVD•added 2026/05/27 5:31 a.m.•11 views

EUVD-2026-32071

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00022EPSS

Exploits0References4

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

4.3CVSS0.00013EPSS

ATTACKERKB•added 2026/05/27 5:31 a.m.•5 views

CVE-2026-8943

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostatsmanage function. This makes it possible for unauthenticated attackers to update the plugin's...

Vulnrichment•added 2026/05/27 5:31 a.m.•9 views

Exploits0References4

CVE-2026-8941 CDN Linker lite <= 1.3.1 - Cross-Site Request Forgery to Plugin Settings Update

EUVD•added 2026/05/27 5:31 a.m.•11 views

EUVD-2026-32068

EUVD•added 2026/05/27 5:31 a.m.•9 views

EUVD-2026-32067

CVE•added 2026/05/27 5:31 a.m.•10 views

CVE-2026-8941

The CVE concerns the WordPress plugin CDN Linker lite (

CVE•added 2026/05/27 5:31 a.m.•12 views

CVE-2026-8943

GoStats for WordPress plugin for WordPress is vulnerable to Cross‑Site Request Forgery in all versions up to 1.4 due to missing or incorrect nonce validation in gostats_manage(). This allows unauthenticated attackers to modify settings (gostats_siteid, gostats_server) via forged requests if a sit...

EUVD•added 2026/05/27 5:31 a.m.•8 views

EUVD-2026-32060

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

EUVD•added 2026/05/27 5:31 a.m.•6 views

EUVD-2026-32059

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the searchsimplefieldsoptions function in functionsadmin.php. This makes it possible for unauthenticated attacke...

CVE-2026-8939 Search Simple Fields <= 0.2 - Cross-Site Request Forgery to Plugin Settings Update

4.3CVSS0.00013EPSS

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

4.3CVSS0.00013EPSS

CVE•added 2026/05/27 5:31 a.m.•11 views

CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions

Vulnrichment•added 2026/05/27 5:31 a.m.•5 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass